src - OpenBSD base system

Age	Commit message (Collapse)	Author
2021-05-04	gzread(3) doesn't always set errno, so use gzerror(3)	dv
	Compression errors from libz don't set errno. OK mlarkin@
2021-05-04	Move unused task queue stuff to the attic.	dv
	Was added about 4 years ago, but hasn't been used and linked into the build. Discussed with dlg@ and mlarkin@. mlarkin@: "Let's remove for now..."
2021-05-04	Init debug logging state before attempting to log.	dv
	Error messages related to bad configuration were not flushing to stderr. OK mlarkin@
2021-05-04	okay, prevent pkg_* from looking into /usr/local BUT special-case quirks	Marc Espie

2021-05-04	More comment changes to reflect reality. No functional change.	Claudio Jeker

2021-05-04	Update comment to match reality.	Claudio Jeker

2021-05-04	not yet, need to figure out how to fix quirks first	Marc Espie

2021-05-04	and do the same thing to pkg_mklocatedb	Marc Espie

2021-05-04	prevent the base pkg tools from looking under /usr/local	Marc Espie

2021-05-04	Similar to rsync repo delay deletes for rrdp repos to after processing	Claudio Jeker
	all files. Now RRDP has a weak sync mechanism and therefor not all unreferenced files can be removed, instead look at the list of removes which were part of the delta processing and remove those files. Warn and keep the file if a delta specifies to remove a file which is actually still referenced. OK benno@
2021-05-03	When negotiating multiprotocol capabilities only fall ack to AID_INET when	Claudio Jeker
	no capability was sent to the peer (this happens if the multiprotocol capability got disabled). It is possible that local and remote systems end up with no shared AFI/SAFI pair. In this case the connection will not send or should not receive any UPDATE messages. The previous behaviour of falling back to AID_INET in that case can result in problematic behaviour when sessions are missconfigured. OK benno@, deraadt@
2021-05-03	Print the timestamps both formatted and as a time in seconds field in	Claudio Jeker
	the various JSON object that have time values. OK benno@
2021-05-03	Like in the session engine do not inline the addr2sa call into connect and	Claudio Jeker
	bind. The len argument is modified by addr2sa but is also used as argument in the call and it is undefined if the value of len in connect is set to the value "returned" by addr2sa(). Should fix connect issues seen on Linux system. OK denis@
2021-05-02	Fix having hostnames in the listen on statement. Regression introduced in	Martijn van Duren
	r1.39. Issue originally reported by Anton Kasimov via rob@. OK claudio@
2021-05-01	Retire OpenBSD/sgi.	Visa Hankala
	OK deraadt@
2021-04-29	Linting: remove duplicate struct definition (plus whitespace)	dv
	"sure" mlarkin@
2021-04-29	Use relative reference URIs in Location header on directory redirects.	dv
	This adds support for front-ending httpd(8) with a TLS-terminating gateway like relayd(8) that forwards unencrypted http traffic. Previously httpd(8) would use a full URL in the Location header in 301 redirects when a user-agent requests a directory but without the trailing '/'. If the user-agent originally connected with https, this caused the redirected url to be http. This change conforms to RFC7231 section 7.1.2. Reported by Vincent Lee. OK claudio@
2021-04-28	build eeprom on riscv64	Jonathan Gray

2021-04-27	Add IMSG_CTL_SHOW_RTR to the list of restriced control messages.	Claudio Jeker

2021-04-27	Add RFC 6286 to the list of RFC bgpd supports.	Claudio Jeker
	OK job@
2021-04-27	Check for possible bgpid collision on open. RFC 6286 defines that this	Claudio Jeker
	check needs to be done for iBGP sessions but not for eBGP sessions. On conflict log an error and send a notification with ERR_OPEN_BGPID suberror. Reported by cjt (melissa_cjt at 163.com) OK benno@
2021-04-27	Fix notification sub-error code for syntactically incorrect nexthops.	Claudio Jeker
	The right suberror is ERR_UPD_NEXTHOP. Reported by cjt (melissa_cjt at 163.com) OK benno@
2021-04-26	vmd(8): fix vmctl client "wait" state corruption	dv
	Adds queue-based tracking of waiting client state to fix the cause of state corruption when a vmctl(8) user cancels a wait and restarts it. The socket fd value for the control process client was being used to track the waiting party, but this also prevented multiple waiting clients. This moves all the state tracking of who to notify of a vm's stopping to the control process and no longer requires the parent process to track it in the global environment state. Future work will be needed to smooth out the difference between the IMSG_VMDOP_TERMINATE_VM_{EVENT,RESPONSE} events instead of needing to translate before relaying to the vmctl(8) client. Tested by Mischa Peters (thanks!) ok mlarkin@
2021-04-26	Print out both the sent "Neighbor capabilities" and the "Negotiated	Claudio Jeker
	capabilities" for a session. Especially the multiprotocol capability can confuse because both sides need to allow a protocol to enable it. The JSON code dumps all the capabilities for local, remote and negotiated. OK denis@, sthen@
2021-04-26	The time_t now is only set but never used. Noticed by gcc.	Claudio Jeker

2021-04-24	remove bgpd warning message exposed by "bgpctl show rib peer out" for	Theo de Raadt
	non-existant peer; the bgpctl command exposes the error itself ok claudio
2021-04-22	vmd(8): guard against bad virtio drivers	dv
	Add protections against guests with bad virtio-{blk,net,scsi} drivers, specifically avoiding invalid descriptor chains and invalid vionet packet sizes. This helps prevent possible lockup of the host vm process due to a spinning device event loop thread. Also fix an unneeded cast in the vioblk handling in case of invalid buffer lengths. OK mlarkin@
2021-04-22	Indent and simplify the grammar.	Martin Pieuchot

2021-04-22	Eliminate S/R conflicts and simplify filter grammar.	Martin Pieuchot

2021-04-22	Remove trailing whitespace in comment blocks.	dv

2021-04-22	Simplify token declaration.	Martin Pieuchot

2021-04-22	Simplify now that TID and PID are now only being parsed as builtin.	Martin Pieuchot

2021-04-22	Remove support for in-kernel filters.	Martin Pieuchot
	This might be added back in a future if copying events to userland becomes a performance issue. However note that it is not always possible to filter in-kernel if, for example. a variable has to be evaluated when a rule fires.
2021-04-21	Fix packet size checks and remove bad casts.	dv
	Because dhcpsz was an uninitialized ssize_t, it was possible that a garbage "packet" would be queued on the receiving end of the virtio network device. Change the type to size_t and add proper checks based on it being greater than zero. Remove the cast of ssize_t to uint64_t that also caused garbage sizes when dhcpsz was unintialized and set at runtime to something < 0.
2021-04-21	remove -p from usage;	Jason McIntyre

2021-04-21	Extend filters to support any conditionnal test including global variables.	Martin Pieuchot
	Stop using in-kernel filtering for the moment except for not tracing the tracer. Keep track of the number of filtered events.
2021-04-21	Always initialized min value for an histogram.	Martin Pieuchot

2021-04-21	typo	Martin Pieuchot

2021-04-21	Support for local (scratch) variables: "$var_name".	Martin Pieuchot
	Every rule gets its own list of (local) variables.
2021-04-21	Extend print() to support any kind of variable.	Martin Pieuchot

2021-04-21	Support first shell argument as $1 in order to use it in filters.	Martin Pieuchot
	Remove '-p' option now that scripts can filter by pid/tid.
2021-04-21	Improve ntpd offset handling. Call the index of the offset loops	Alexander Bluhm
	"shift" consistently. Merge the two offset loops in client_update() into one. Use a simple assignment for the best value instead of memcpy(). Use the same mechanism to loop over the offset array everywhere to avoid an invalid best value. tested by weerd@; OK claudio@
2021-04-21	HTTP errors are logged by the http module. No need to repeat them.	Claudio Jeker
	Instead add a logx when a fallback from delta sync to a snapshot happens.
2021-04-21	When setting RRDP_STATE_PARSE_ERROR a warning is issued so there is no need	Claudio Jeker
	to warn a 2nd time here, it adds no additional information.
2021-04-21	unplug unused certificate verification code, now that this is done by libtls.	Eric Faurot
	ok tb@ millert@
2021-04-20	Move TAILQ initialization to files where they are used.	dv
	These priv-sep daemons all follow a similar design and use TAILQs for tracking control process connections. In most cases, the TAILQs are initialized separate from where they are used. Since the scope of use is generally confined to a specific control process file, this commit also removes any extern definitions and exposing the TAILQ structures to other compilation units. ok bluhm@, tb@
2021-04-20	Add keep-alive support to the HTTP module.	Claudio Jeker
	Requests are split away from connections. When a request is received try to reuse an IDLE connection. If none is around start a new one (unless there are too many connections inflight). Idle connections are kept for 10sec and closed after that time. For rpki-client this is plenty of time since RRDP exchanges will be a burst of requests. So the connection used to fetch the notification XML file will be reused to fetch all delta XML files. This reduces the CPU load since far less TLS handshakes need to happen. OK job@ deraadt@
2021-04-20	Switch some warnings to logx() to reduce log noise on runs without -v.	Claudio Jeker
	OK job@
2021-04-20	Update comment to be less confusing (I hope)	Claudio Jeker

2021-04-20	prefix_insert() and prefix_remove() emulate a tail queue by keeping the	Claudio Jeker
	tail pointer (pointer to last element) around and depending on the state of the list insert at head or insert after tailp. Now gcc has a hard time to realize that the tail pointer is not used uninitalized. So rewrite the code to be more explicit about tailp handling (also rename the pointer to be more explicit). All in all this should be more readable and silences the gcc warning as well.